Re: Share point suggestions
- From: "David Denmark" <ddenmark-delete-@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Wed, 13 Sep 2006 10:29:09 -0700
Hi Will,
The User Management Resource Administrator can script the creation of all
folders, permissions, security groups and group memberships for this to
occur. Our company, Advanced Toolware, works with businesses, schools,
universities and other organizations around the U.S. & Canada in managing
Active Directory with visual scripts. Your post is exactly in line with one
of our professional services projects that we have completely recently for a
school district up here in Washington.
We have a set of scripts that:
1) take class information and create class-period groups and associated
class home directories (located under the teacher home directory)2) adds all
students for each class to their class-period groups
3) sets the manager attribute for the class-period group to the teacher of
that class
4) sets permissions for the teacher to have Modify rights, and students to
have Read & Write (not delete) to class-period share
5) creates a shortcut to the class-period directory in the student's home
directory for easy access on the student-side
6) creates a shortcut to each student home directory and places it in the
teacher's home directory (allowing teachers to easily access student home
directories)
7) all permissions are set up correctly at each level (students have RW,
teachers RWXD, home dir permissions RWXD for students & teacher, etc.)
For 300 students and 30 teachers these scripts would take approximately 5-10
minutes to run and complete. Please let me know if you'd like more
information. Visit our web site at www.advtoolware.com for more information
on the UMRA or for support/sales information.
Thanks,
Dave Denmark
Advanced Toolware
Phone: 1-888-770-4242 Ext. 108
Phone: (253) 770-4823
Fax: (253) 435-4966
Email: ddenmark@xxxxxxxxxxxxxxx
http://www.AdvToolware.com
--- TOOLS FOR WIN 2003/2000/NT/XP ---
* Network and Event Log Monitoring
* Server and Domain Management
* User Account Management
* Disk Quota Management
Will Sellers wrote:
Thanks for the detail layout .
I will study this because this is exactly what I had in mind.
It appears to be a lot of work for 30 teachers and 300 students.
This also implies that this will require maintenance for each school
year. Is that correct?
Where can I get the advanced ACL editor?
I'm not clear on the AD groups.
At the Class Folders level will I be adding the teacher and student
groups?
"Brian Desmond [MVP]" <brian@xxxxxxxxxxxxxxxx> wrote in message
news:u%23mnvOq1GHA.2516@xxxxxxxxxxxxxxxxxxxxxxx
Hey Will-
Here's how I did this when I ran a school network:
Create some shared drive
Create a Subfolder called Class Folders
Create a Folder for each teacher
Create a folder for each Subject
Create a folder under each subject for each Period/Section
For example:
Class Folders
---Smith
------Biology
--------Period 1
--------Period 4
--------Period 8
In AD create groups:
Smith
Smith-Biology
Smith-Biology-1
Smith-Biology-4
Smith-Biology-8
Nest the 1,4 & 8 groups inside Smith-Biology and Smith-Biology inside
Smith. Also put Mr. Smith in the Smith group.
At the Class Folders level give Students and Teachers List Folder
Contents for "This Folder Only" (you have to use the advanced ACL
editor) At the Smith level give Mr. Smith rights to Traverse Folder/Exec
File, List folder/Read Data, Delete
At the Smith\Biology level give Smith-Biology List folder Contents
for "This Folder Only".
Now at each Smith\Biology\Period K level you want to give
Smith-Biology-K Create Files (this folder only) rights.
This will give the kids the rights to drop files in there but not
read anyone else's or see them. It makes a dropbox.
If you have Windows 2003 SP1 on your file server, look up Access
Based Enumeration to make it so people only see folders they have
access to. This is really locked down - it prevents mr smith from
screwing
things up (he will if you let him) and it keeps the kids from
getting into things other than their own. If you want to let them
edit/delete their things in the dropbox, add a "Creator Owner" ACL
to the Smith\Biology\Period K level and give it Modify rights.
If you need a place where Mr. Smith can share files with teh kids, I
would create a couple levels - at the teacher level, subject level,
and period level. If you do it at the period level create
Smith\Biology\Period K\Dropbox and \Shared. For Shared, give Mr.
Smith Modify and the kids Read & Execute.
Let me know if you have any questions.
--
Thanks,
Brian Desmond
Windows Server MVP - Directory Services
www.briandesmond.com
"Will Sellers" <willsellers@xxxxxxxxxxx> wrote in message
news:LYqdnRKuHJtyc5vYnZ2dnUVZ_t6dnZ2d@xxxxxxxxxxxxxx
We have a server 2003 school environment, where teachers have 1 or
more classes and students can belong to 1 or more of those classes.
I need some guidance on how to set up a share where students can
access their class folders with certain access rights.
In addition, the teachers will have full control of their class
folders. It would be nice if teachers and students could only see
their folders and not the other 30 plus teacher/class folders.
I thought about allowing the teachers to create their class folders
on a shared drive and then assign student id's to the folders with
defined access rights ...read, write, no modify.
Please point me in the right direction.
.
- References:
- Share point suggestions
- From: Will Sellers
- Re: Share point suggestions
- From: Brian Desmond [MVP]
- Re: Share point suggestions
- From: Will Sellers
- Share point suggestions
- Prev by Date: Re: editing user attribute with script
- Next by Date: Re: Cannot see group members listed (hidden I think)
- Previous by thread: Re: Share point suggestions
- Next by thread: Re: Share point suggestions
- Index(es):
Relevant Pages
|
